In re Patent Application of: 
FOX ET AL. 

Serial No. 09/500,108 

Filing Date: 2/8/00

In the Claims:

1. (CURRENTLY AMENDED) A method for assessing the 
security posture of a network comprising the steps of: 

creating a system object model database representing a 
network, wherein the system object model database supports the 
information data requirements of disparate separate, 
non-integrated network vulnerability analysis programs;

exporting the system object model database of the network 
to the disparate separate, non-integrated network
vulnerability/risk analysis programs;

analyzing the network with each network vulnerability 
analysis program to produce data results from each program;
and 

correlating the data results of the network vulnerability 
analysis programs to determine the security posture of the 
network. 

2. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of importing the system object 
model database to the network vulnerability analysis programs 
via an integrated application programming interface. 

3. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of modeling the network as a map
on a graphical user interface. 

4. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of establishing a class hierarchy 
to define components of the network vulnerability analysis
programs that share common data and programming traits. 

5. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of correlating the data results of 
the network vulnerability analysis programs using fuzzy logic 
processing. 

6. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of running the network 
vulnerability assessment/risk analysis programs to obtain data
results pertaining to network system details, network 
topologies, node level vulnerabilities and network level 
vulnerabilities. 

7. (CURRENTLY AMENDED) A method for assessing the 
security posture of a network comprising the steps of:

creating a system object model database representing a 
network, wherein the system object model database supports the 
information data requirements of separate, non-integrated
network vulnerability/risk analysis programs; 

importing the system object model database of the network 
to the network vulnerability analysis programs through filters 
associated with each respective network vulnerability analysis 
programs program to export only the data required by a 
respective network vulnerability analysis program; 

analyzing the network with each network vulnerability
analysis program to produce data results from each program; 
and 

correlating the data results of the network vulnerability 
analysis programs to determine the security posture of the
network. 

8. (ORIGINAL) A method according to Claim 1, and 
further comprising the step of exporting the system object 
model database to the network vulnerability assessment/risk
analysis programs via an integrated application programming
interface.

9. (ORIGINAL) A method according to Claim 1, and
further comprising the step of modeling the network as a map
on a graphical user interface. 

10. (ORIGINAL) A method according to Claim 7, and 
further comprising the step of establishing a class hierarchy 
to define components of the network vulnerability analysis 
programs that share common data and programming traits. 

11. (ORIGINAL) A method according to Claim 7, and
further comprising the step of correlating the data results of 
the network vulnerability analysis programs using fuzzy logic 
processing. 

12. (ORIGINAL) A method according to Claim 7, and 
further comprising the step of running the network 
vulnerability analysis programs to obtain data results 
pertaining to network system details, network topologies, node 
level vulnerabilities and network level vulnerabilities.

13. (CURRENTLY AMENDED) A computer program that resides
on a medium that can be read by a program, wherein the 
computer program comprises instructions to cause a computer to 
create a system object model database representing a network, 
wherein the system object model database supports the 
information data requirements of disparate separate,
non-integrated disparate network vulnerability analysis
programs that analyze discrete network portions;

export the system object model database of the network to 
the network vulnerability analysis programs; 

analyze the network with each network vulnerability/risk 
analysis program to produce data results from each program; 
and

correlate the data results of the network vulnerability 
analysis programs to determine the security posture of the 
network. 

14. (ORIGINAL) A computer program according to Claim
13, and further comprising instructions for displaying an
integrated application programming interface, and exporting 
the system object model database to the network vulnerability 
analysis programs via the integrated application programming 
interface. 

15. (ORIGINAL) A computer program according to Claim 
13, and further comprising instructions for modeling the 
network as a map on a graphical user interface. 

16. (ORIGINAL) A computer program according to Claim 
13, and further comprising instructions for establishing a 
class hierarchy to define components of the network
vulnerability analysis programs that share common data and 
programming traits. 

17. (ORIGINAL) A computer program according to Claim 
13, and further comprising instructions for correlating the 
data results of the network vulnerability analysis programs 
using fuzzy logic processing.

18. (ORIGINAL) A computer program according to Claim 
13, and further comprising instructions for running the
network vulnerability analysis programs to obtain data results 
that pertain to network system details, network topologies, 
node level vulnerabilities and network level vulnerabilities.

19. (CURRENTLY AMENDED) A computer program that resides 
on a medium that can be read by a program, wherein the 
computer program comprises instructions to cause a computer to 
create a system object model database representing a network, 
wherein the system object model database supports the
information data requirements of disparate separate,
non-integrated network vulnerability analysis programs that
analyze discrete network portions; 

import the system object model database of the network to 
the network vulnerability analysis programs through filters 
associated with each respective network vulnerability analysis 
program so as to export only the data required by the
respective network vulnerability analysis program;

analyze the network with each network vulnerability
analysis program to produce data results from each program; 
and 

correlate the data results of the network vulnerability
analysis programs to determine the security posture of the
network. 

20. (ORIGINAL) A computer program according to Claim 
19, and further comprising instructions for displaying an
integrated application programming interface, and exporting 
the system object model database to the network vulnerability 
analysis programs via the integrated application programming 
interface.

21. (ORIGINAL) A computer program according to Claim 
19, and further comprising instructions for modeling the 
network as a map on a graphical user interface. 

22. (ORIGINAL) A computer program according to Claim
19, and further comprising instructions for establishing a 
class hierarchy to define components of the network 
vulnerability analysis programs that share common data and 
programming traits. 

23. (ORIGINAL) A computer program according to Claim 
19, and further comprising instructions for correlating the 
data results of the disparate network vulnerability analysis 
programs using fuzzy logic processing.

24. (ORIGINAL) A computer program according to Claim
19, and further comprising instructions for running the 
network vulnerability analysis programs to obtain data results 
that pertain to network system details, network topologies, 
node level vulnerabilities and network level vulnerabilities. 

25. (CURRENTLY AMENDED) A data processing system for 
assessing the security vulnerability of a network comprising: 

a plurality of disparate separate, non-integrated network
vulnerability/risk analysis programs used for analyzing a 
network; 

a system object model database that represents the 
network to be analyzed, wherein the system object model 
database supports the information data requirements of the 
network vulnerability/risk analysis programs; 

an applications programming interface for exporting the 
system object model database of the network to the network 
vulnerability/risk analysis programs; and 

a processor for correlating the data results obtained 
from each network vulnerability analysis program after
analyzing the network to determine the security posture of the
network. 

26. (ORIGINAL) A data processing system according to 
Claim 25, wherein the applications programming interface for 
importing the system object model database comprises a 
graphical user interface.

27. (ORIGINAL) A data processing system according to
Claim 25, and further comprising a graphical user interface
that models the network as a map.

28. (ORIGINAL) A data processing system according to 
Claim 25, and further comprising a graphical user interface
for displaying the security posture of the network. 

29. (ORIGINAL) A data processing system according to 
Claim 25, wherein said database further comprises an object 
oriented class hierarchy to define components of the network 
vulnerability analysis programs that share common data and
programming traits.

30. (ORIGINAL) A data processing system according to 
Claim 25, wherein said processor comprises a fuzzy logic
processor.

31. (CURRENTLY AMENDED) A data processing system for
assessing the security vulnerability of a network comprising: 

a plurality of disparate separate, non-integrated network
vulnerability/risk analysis programs used for analyzing a 
network; 

a system object model database that represents the 
network to be analyzed, wherein the system object model 
database supports the information data requirements of each 
network vulnerability analysis program; 

an applications programming interface for exporting the 
system object model database of the network to the disparate 
separate, non-integrated network vulnerability analysis
programs;

a filter associated with the applications programming 
interface and each respective network vulnerability analysis 
program for filtering the system object model database and 
exporting only the required data requirements to each network 
vulnerability analysis program; and 

a processor for correlating the data results obtained 
from each network vulnerability analysis program after
analyzing the network to determine the security posture of the
network.

32. (ORIGINAL) A data processing system according to
Claim 31, wherein the applications programming interface for
importing the system object model database to comprises a
graphical user interface. 

33. (ORIGINAL) A data processing system according to 
Claim 31, and further comprising a graphical user interface 
that models the network as a map. 

34. (ORIGINAL) A data processing system according to
Claim 31, and further comprising a graphical user interface
for displaying the vulnerability posture of the network. 

35. (ORIGINAL) A data processing system according to 
Claim 31, wherein said database further comprises an object 
oriented class hierarchy to define components of the network 
vulnerability analysis programs that share common data and 
programming traits.

36. (ORIGINAL) A data processing system according to
Claim 31, wherein said processor comprises a fuzzy logic
processor.